Crowd is an application security framework that handles authentication and authorization for your web-based applications. With Crowd you can quickly integrate multiple web applications into a single security architecture that supports single sign-on (SSO) and centralized identity management.
Crowd has the following components:
- The Crowd Administration Console is a clean and powerful web-interface for managing directories, users (known in Crowd as 'principals') and their security rights ('permissions'). Refer to the Crowd Administration Guide for details.
- The Crowd Self-Service Console allows authorized users to maintain their user profiles and passwords and to view their usernames, groups, roles and applications. Refer to the Crowd User Guide for details.
- The Crowd integration API provides a platform-neutral way to integrate web applications into a single security architecture. With the integration API, applications can quickly access user information and perform security checks.
Designed for ease of use, Crowd can be deployed with your existing infrastructure. Crowd supports:
- Java, .NET and PHP applications.
- Popular directory servers such as Microsoft Active Directory, Sun ONE and OpenLDAP. Additionally, custom directory connectors may be developed using the Crowd integration API.
See the list of supported applications and directories.
Crowd is a middleware application that integrates web applications into a single security architecture, supporting single sign-on and centralized identity management. Crowd works by dispatching authentication and authorization calls from configured applications to configured directories.
A typical deployment may be similar to the following:
When an application needs to validate a security or authentication request (e.g. when a user attempts to log in to the application) the application will make a simple API call to the Crowd framework, which will then forward the call to the appropriate directory.
Crowd integrates and provisions applications. Once defined, an application is mapped to a directory(s), whose users are then granted access to the application. Note that an application can only communicate with Crowd when the application uses a known host address.
Crowd supports an unlimited number of user directories. A directory can be one of the following types:
- Internal to Crowd.
- Connected to Crowd via an LDAP connector (e.g. for Active Directory), with all authentication and user/group management in LDAP.
- A Crowd internal directory for user/group management but with authentication delegated to LDAP (e.g. Active Directory).
- Connected via a custom directory connector (e.g. for a legacy database).
Once you have defined a directory in Crowd, you can map it to applications. Crowd will then pass authentication and authorization requests to the directory, for all applications that are mapped to that directory. Modification of directory entities (users and groups) can be done via the Crowd Administration Console or via the application, depending on the application's capabilities.
You can even map multiple directories to an application, providing the application with a single view of multiple directories in a specified order.